<?php
	/*
	 * 注释、流程图
	 * MyMysql.class.php
	 * 用户名、密码、验证码
	 * CheckDtail.class
	 * 验证码：session
	 * 
	 * 成功：记住用户名一周
	 * 跳转index.html
	 * top.php:XXX,欢迎来到MYSQL数据库系统
	 */
header("content-type:text/html;charset=utf-8");
session_start();
include 'CheckDtail.class.php';
include 'MyMysql.class.php';
//print_r($_SESSION);
//print_r($_POST);
//拿出数据库中的用户名和密码放在数组里


if(isset($_POST['username'])){
	$username = trim($_POST['username']);
	$userpwd = trim($_POST['userpwd']);
	setcookie('username1', $username,time()+7*24*3600);
	setcookie('userpwd1', $userpwd,time()+7*24*3600);
	$arr1 = array(
			'username'=>$_POST['username'],
			'userpwd'=>$_POST['userpwd']
	);
	//print_r($arr1);

	if(empty($username)||empty($userpwd)){
		echo "<script>alert('填写不能为空');window.location='login.php';</script>";
	}elseif (!empty($username)&&!empty($userpwd)){
		$a = new CheckDetail();
		$name_check=$a->checkUsername($username);
		$pwd_check=$a->checkPassword($userpwd);
	}
	
	if($name_check&&$pwd_check){
		//判断用户名和密码是否正确
		
		
		if(isset($_POST['ck'])){
			$ck = trim($_POST['ck']);
			//print_r($ck);
			if(strtoupper($_SESSION['ck'])==strtoupper($ck)){
				//echo "验证码验证成功";
			}else {
				echo "<script>alert('验证码错误');window.location='login.php';</script>";
			}
		
		}
		$a = new MyMysql("localhost", "root", "flower", "ld1601");
		//$arr = ($a->myquery("select username,password from user"));
		//将字符串中有特殊含义的字符加上反斜杠
		$username = mysql_real_escape_string($username);
		//反加密，拿出数据库里的密码，反加密
		$userpwd = md5($userpwd);
		//判断用户名和密码是否和数据库里的一致
		$res = $a->myquery("select userid from user where username='{$username}' and password='{$userpwd}';");
		//print_r($arr);
		
		if($res==false){
			echo "<script>alert('用户名或密码不正确 ');window.location='login.php';</script>";
		}elseif(!empty($res)&&strtoupper($_SESSION['ck'])==strtoupper($ck)){
			echo "<script>window.location='index.php'</script>";
			exit();
		}
	}elseif($name_check==false&&$pwd_check==false){
		$nameerror = "用户名不合法";
		$pwderror = "密码不合法";
	}elseif($name_check==false){
		$nameerror = "用户名不合法";
			
	}elseif($pwd_check==false){
			
		$pwderror = "密码不合法";
	}
	
	

}
//print_r($_SESSION);
?>

<html>
	<head>
		<meta http-equiv="content-type" content="text/html;charset:utf-8"/>
		<style>
			form{
			float:left;
			margin-left:500px;
			margin-top:200px}
		</style>
	</head>
	<body>
		<form action="" method="post">
			<table>
			<tr>
				<td>用户名：
				</td>
				<td><input type="text" name="username"/>
				<?php if (isset($nameerror)){
					echo $nameerror;
				}?>
				</td>
			</tr>
			<tr>
				<td>密码：</td>
				<td><input type="password" name="userpwd"/>
				<?php if (isset($pwderror)){
					echo $pwderror;
				}?>
				</td>
			</tr>
			<tr>
				<td>验证码：</td>
				<td><input type="text" name="ck" style="width:70px"/><img src="day02checkcode.php"/></td>
			</tr>
			<tr>
				<td></td>
				<td><input type="submit" value="提交"/></td>
			</tr>
			
			<tr><td><a href="register.php">注册</a></td></tr>
			</table>
		</form>
	</body>
</html>
